Padding the Numbers: Vulnerability Duplication

Recently the OSVDB Blog had an interesting article regarding vulnerability duplication via the “hazard of 0day” wherein a vulnerability being exploited in the wild was mistaken for a new vulnerability when in fact it was not.  This caused many of the vulnerability database vendors to issue new IDs, send out threat warnings, bring in the livestock from the impending storm, and so forth.  The resulting fallout from realization that it [...]

ToorCon Seattle 2008

The ToorCon organization puts on some of the best conferences in my opinion, and this last weekend was version 1.0 of their Seattle conference (beta was last year, which I also attended). Friday night was entirely 5-minute lightning talks and then Saturday was entirely 20-minute turbo talks. Sunday was workshops, which unfortunately I could not attend since I had to fly back to Austin mid-day. Last year was invite only [...]

ms07-061

My second Microsoft Patch Tuesday at the new employer was fairly uneventful. This Tuesday there was only one patch rated critical, MS07-061, and as it turns out it was the bug that I had already worked on last week. Essentially all I had to do was update my strikes from last week with the new reference and rename them, and our team was essentially done. You can read the details [...]

By |2007-11-13T14:54:39+00:00November 13th, 2007|employment, exploit, security, security research|0 Comments

CSI 2007

CSI 2007 was the first time I’ve ever attended a CSI conference. I was actually a CSI member way back in the day when I was running my own consulting firm and needed as many business development avenues to explore as possible, but after closing my consultancy and going back to work for The Man(tm) I didn’t keep up my membership as I really wasn’t getting much out of the [...]

ToorCon 9

ToorCon is always one of my favorite conferences of the year, and this year was no different. Actually, I take that back, it WAS different, it was even better than usual. I got something out of almost every talk that I attended, and the conference ran very smoothly. The conference is small and intimate and the speaker badges are green… I really can’t ask for much more. This year the [...]

ms07-055

Last week was Microsoft Patch Tuesday, and for once it actually affected me directly. The team I am part of at my new employer is responsible for reversing out patches such as these, determining the vulnerability that was patched, and developing ways to exploit or otherwise attack the software. From the advisories that were released, I ended up with ms07-055 which detailed a stack overflow in the Kodak Image Viewer [...]

By |2007-10-15T17:27:27+00:00October 15th, 2007|exploit, hack, hpavc, security research|0 Comments

New Employer: BreakingPoint Systems

Today I stepped into a new role as a Security Researcher for BreakingPoint Systems. I will be working with the team that handles the security component of the flagship product, the BPS-1000, which is a load and security testing appliance used to test network devices such as switches, firewalls, and the types of products my previous employer produces, Intrusion Prevention (or Detection) Systems. For the most part I'll be developing [...]

By |2007-10-01T21:50:39+00:00October 1st, 2007|employment, security, security research|0 Comments

Speaking at ToorCon 9

I've been invited to speak at ToorCon 9 in San Diego next month. My topic will be Context-keyed Payload Encoding in which I introduce a new method of keying an encoder which is based entirely on contextual information that is predictable or known about the target by the attacker and constructible or recoverable by the decoder stub when executed at the target. An active observer of the attack traffic, however, [...]

By |2007-09-24T07:38:45+00:00September 24th, 2007|conference, hack, hpavc, security, security research|0 Comments

Real-time Steganography with RTP Video

Apparently, some guy purchased video of all of the DEFCON 15 talks on DVD, then ripped them all to MP4 and uploaded them to Google Video. If you couldn't make DEFCON this year and wanted to see my talk, or don't have the patience to read the 50 page paper but have about an hour to watch a video, you should check it out.